2005: The Economics of Spam: Why Junk Email Is Still Profitable

By The EmailCloud Team |
2005 Spam History

Here is the single most important fact about junk email: it is almost free to send. That one economic reality explains why, despite decades of legislation, lawsuits, technical countermeasures, and universal public hatred, spam persists. The math works, and as long as the math works, the spam will flow.

The Cost Side

To understand spam economics, start with the cost structure. A legitimate email marketer using a service like Mailchimp or SendGrid pays roughly $0.50 to $1.00 per thousand emails — a tiny amount by normal business standards, but far too expensive for spam. At a penny per message, sending a billion emails would cost $10 million. No spam campaign could generate that kind of return.

Spammers don’t use legitimate infrastructure. They use botnets — networks of thousands or millions of computers infected with malware and controlled remotely. The computer owners don’t know their machines are sending spam. The electricity, bandwidth, and hardware costs are borne by the unwitting owners of compromised PCs.

The result? Researchers at UC Berkeley estimated in 2008 that the cost of sending spam via botnet was approximately $25 to $50 per million messages. At that rate, sending one billion emails costs somewhere between $25,000 and $50,000. For a hundred million, it’s pocket change.

The Revenue Side

Now for the revenue. Spam response rates are comically low. A landmark 2008 study by researchers at UC San Diego, titled “Spamalytics,” infiltrated the Storm botnet to measure actual spam conversion rates. They found that out of 350 million pharmaceutical spam emails sent, exactly 28 resulted in a purchase attempt. That’s a conversion rate of 0.00001% — one in 12.5 million.

Yet the study concluded the operation was still profitable. The researchers estimated the Storm botnet’s pharmaceutical spam operation generated approximately $7,000 per day, or roughly $2.5 million per year. The operators’ costs — maintaining the botnet, paying for hosting, processing payments — were estimated at a fraction of that.

The Asymmetry Problem

This is what economists call a negative externality. The cost of spam is not borne by the spammer — it’s borne by everyone else. A 2012 study estimated the global economic cost of spam at approximately $20 billion per year, including wasted bandwidth, storage, computing resources, employee time, and anti-spam infrastructure. The spammers who generated this cost took home roughly $200 million.

In other words, for every dollar a spammer earned, the rest of the world paid about a hundred dollars in costs. It’s one of the most lopsided cost-benefit ratios in all of commerce — spectacularly profitable for the sender, spectacularly expensive for everyone else.

Why Legitimate Businesses Paid Spammers

Here’s the uncomfortable truth that the industry preferred not to discuss: many spam campaigns promoted products from real companies. The so-called “affiliate spam” model worked like this: a company offered commissions to anyone who drove sales, no questions asked about the marketing methods. Spammers signed up as affiliates, blasted billions of emails, and collected commissions on the tiny trickle of resulting purchases.

The sponsoring companies maintained plausible deniability — they didn’t send the spam, their “affiliates” did. This gray area fueled a significant portion of spam volume through the 2000s. Pharmaceutical companies, online casinos, and software vendors all benefited from affiliate spam networks, whether they admitted it or not.

The CAN-SPAM Act of 2003 and subsequent enforcement actions tightened accountability, but affiliate spam remained a significant driver of volume for years after the law’s passage.

The Botnet Economy

Behind the economics of spam lies another economy: botnets themselves. By the mid-2000s, botnets had become sophisticated criminal enterprises with their own supply chains. Malware developers created the tools to compromise computers. Botnet operators assembled and maintained the networks. Spammers rented capacity.

The numbers were staggering. The Rustock botnet, active from roughly 2006 to 2011, controlled an estimated 1.1 million compromised computers and could send 44 billion spam emails per day. At its peak, Rustock alone was responsible for an estimated 40% of all spam worldwide. When Microsoft took it down in March 2011 through a coordinated legal and technical operation, global spam volumes dropped by a third overnight.

Why Spam Declined (Somewhat)

From its peak of around 85% of all email traffic in 2009, spam’s share has dropped to roughly 45% as of recent years. Several factors contributed:

Botnet takedowns by Microsoft, law enforcement, and security companies eliminated major spam sources. When Rustock fell, it didn’t come back.

Better filtering means spam that is sent rarely reaches inboxes. Gmail claims to block 99.9% of spam. When spam doesn’t reach people, response rates drop to zero, breaking the economic model.

Authentication protocols like SPF, DKIM, and DMARC made it harder to forge sender addresses, closing a loophole that spammers relied on.

Criminal prosecution raised the stakes. When spammers started receiving prison sentences rather than civil fines, the risk calculus changed.

Payment processing crackdowns made it harder for spammers to process credit card payments, choking off the revenue that made the whole operation viable.

The Math Still Works

Despite all these countermeasures, spam persists because the fundamental economics haven’t changed. Sending bulk email still costs almost nothing. Even with a fraction of messages reaching inboxes, even with minuscule response rates, the return on investment can be positive. As long as that equation holds, someone will be running the numbers and deciding it’s worth it.

The best defense for legitimate email marketers is to make sure their messages look nothing like spam. Our Subject Line Grader and Spam Word Checker help ensure your content doesn’t accidentally trigger the very filters that exist to stop the economics of junk email from ruining everyone’s inbox.

The Economics of Spam: Why Junk Email Is Still Profitable — Email History Timeline 2005

View on the Email History Timeline →

Infographic

Share this visual summary. Right-click to save.

The Economics of Spam: Why Junk Email Is Still Profitable — visual summary and key facts infographic

Related Events

2003

The Day AOL Accidentally Became the Biggest Spammer

 2002

Paul Graham's Bayesian Spam Filter: The Essay That Changed Everything

 2009

Spam's Share of Email: From 5% to 85% and Back Down

 2001

SpamAssassin: The Open-Source War on Junk Email

Frequently Asked Questions

How much does it cost to send spam?

The marginal cost of sending spam is near zero. Spammers using botnets of compromised computers pay virtually nothing per message. Estimates suggest the cost per million messages can be as low as $25-$50, making even microscopic response rates profitable.

What percentage of people actually respond to spam?

Studies estimate the response rate to spam at roughly 0.001% to 0.01% — one in 10,000 to one in 100,000. A 2008 UC San Diego study found a pharmaceutical spam campaign had a conversion rate of about 0.00001%, yet was still profitable due to volume.

How much money do spammers make?

Earnings vary enormously. Low-level spammers might make a few hundred dollars a month. The most prolific operations have generated millions annually. A 2011 study estimated total spam revenue at around $200 million per year, while the global cost of spam to businesses exceeded $20 billion.